CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15576 Jail chroot escape via fd exchange with a different jail

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2025-15576

CVE-2025-15576 describes a jail/chroot escape in FreeBSD. When two sibling jails are restricted to separate filesystem trees, processes in the two jails can still exchange directory descriptors via a unix domain socket and access a shared directory mounted with nullfs. During a filesystem name lo...

CVE-2025-15576 Jail chroot escape via fd exchange with a different jail

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

FreeBSD : FreeBSD -- Jail chroot escape via fd exchange with a different jail (a88f5b2d-11e9-11f1-8148-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a88f5b2d-11e9-11f1-8148-bc241121aa0a advisory. If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the t...

FreeBSD-SA-26:04.jail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:04.jail Security Advisory The FreeBSD Project Topic: Jail chroot escape via fd exchange with a different jail Category: core Module: jail Announced:...

FreeBSD -- Jail chroot escape via fd exchange with a different jail

Problem Description: If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has...

EUVD-2013-1887

Malware in sbrugna...

EUVD-2025-10066

Malicious code in bioql PyPI...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463-Sudo-Chroot-Escape --- Description This re...

SUSE CVE-2024-22036

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

Exploit for Incorrect Authorization in Sudo_Project Sudo

CVE-2025-32462 & CVE-2025-32463 – PoC Lab This is a container...

CVE-2005-1339

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name...

CVE-2024-22036

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

CVE-2025-3364

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVE-2025-3364

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVE-2025-3364 HGiga PowerStation - Chroot Escape

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVE-2025-3364 HGiga PowerStation - Chroot Escape

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...